Various types of encryption schemes are widely used to secure data (e.g., an email message or file) for communication over a network. For example, in symmetric encryption, both the user that is encrypting data and the user that is decrypting the data need copies of the same encryption key. Asymmetric encryption, also known as public key encryption, uses key pairs (e.g., a public key and a private key). In asymmetric encryption the public keys may be shared but the private keys are not.
Encryption keys may be stored on a computer system, e.g., as part of a user profile or other repository for user settings, credentials, etc. The encryption keys may be modified or replaced over time to decrease the likelihood that unauthorized users are able to decipher the encryption scheme. In any event, the user is provided access to the encryption keys after the user is authenticated (e.g., during logon) and the user profile is loaded on the computer system.
The user may, however, need access to the encryption keys at more than one computer system (e.g., a personal computer and one or more mobile devices). Although the user may transfer the encryption keys from one computer system to another (e.g., using a diskette or other removable storage media), this is cumbersome and time-consuming. While smartcards may be used, these are expensive. Alternatively, the user profile may be stored on a network server and accessed from a variety of different computer systems every time the user connects to the network. However, the user profile may be large (many megabytes) and downloading the user profile from a network server may slow the logon process. In addition, the user may not be able to logon and use the computer without a locally-stored user profile (when the network is not available).